Our thinking

2023 Global compliance risk benchmarking survey

In collaboration with

KPMG

 

Industry perspectives on the state of compliance today and effective strategies for managing compliance risk within the changing regulatory landscape

 

Introduction

Darryl Lew
Partner
White & Case LLP
T: +1 202 626 3674

Matthew McFillin
Partner, Forensic Services
KPMG LLP
T: +1 267-256-2647

In today's fast-paced and interconnected world of global business, a robust and comprehensive compliance program is not merely a choice, but a critical imperative for any organization. Drawing on the opinions of 201 senior decision-makers from more than 30 countries.

White & Case LLP and KPMG LLP's "2023 Global compliance risk benchmarking survey" offers powerful insights into compliance practices across industries worldwide and strategies employed by companies to manage their compliance risks—from anti-corruption risk assessments, third-party management and employee risk awareness to environmental, social and governance (ESG) practices and cybersecurity.

Among the key findings are the importance of regular anti-corruption risk assessments and robust third-party management practices—essential components for creating a culture of compliance and transparency.

Use of data analytics is gaining momentum in compliance programs, though many companies are still in the developmental stage. Testing anti-corruption programs for effectiveness is crucial, as is consistent measurement of hotline awareness and effectiveness, along with addressing employee concerns about hotline integrity.

ESG has increasingly become an area of focus, but our respondents reveal a lack of consistency in addressing ESG risks. This inconsistency in approach can hinder the effective implementation of organization-wide policies and procedures and lead to uncertainty among employees. Clearer guidance and communication are essential in navigating the complexities of ESG and ensuring successful integration into business practices.

Looking ahead, cybersecurity takes center stage as the top compliance priority for the next 12 months, as safeguarding sensitive data and proactively addressing digital threats become more important than ever.

By proactively addressing these compliance challenges, organizations can ensure ethical business practices, mitigate risks and safeguard their reputation in an increasingly complex regulatory environment. We hope you will find our "2023 Global compliance risk benchmarking survey" an insightful read.

Key insights at-a-glance

Drawing on the opinions of 201 senior decision-makers from more than 30 countries, White & Case LLP and KPMG LLP's "2023 Global compliance risk benchmarking survey" offers insights into compliance practices across industries worldwide and strategies employed by companies to manage their compliance risks—from anti-corruption risk assessments, third-party management and employee risk awareness to ESG practices and cybersecurity.

In today’s fast-paced and interconnected world of global business, a robust and comprehensive compliance program is not merely a choice, but a critical imperative for any organization

Key insights at-a-glance View full image: Key insights at-a-glance (PDF)

Global compliance risk benchmarking survey: ABC risk assessments

Read 2 min. article
tea garden

Global compliance risk benchmarking survey: Third-party management

Read 7 min. article
labyrinth garden

Use of data analytics in compliance programs

Read 2 min. article
mountain tea garden aerial

Global compliance risk benchmarking survey: Monitoring and review

Read 2 min. article
labyrinth

Global compliance risk benchmarking survey: Compliance escalations

Read 6 min. article
maze aerial view

Global compliance risk benchmarking survey: ESG

Read 6 min. article
garden maze

Impact of remote working on compliance and investigations

Read 2 min. article
aerial view of tea plantation

Looking to the future: Cybersecurity tops the list of compliance priorities for the next 12 months

Read 1 min. article
garden maze

Survey methodology and demographics

Read 1 min. article
corn maze
mountain tea garden aerial

Use of data analytics in compliance programs

In collaboration with

KPMG

Insight
|
2 min read

Key Takeaways

01

Use of data analytics is becoming more commonplace, but most companies are still developing their approach

02

Growing convergence in how data analytics is deployed in compliance programs

78%

of respondents report using data analytics for compliance risks

Being informed is the first step to being prepared. For decades, corporate counsel and compliance professionals have developed tools, systems and analytical approaches to improve the efficacy and scale of compliance oversight and controls. Technology has allowed companies to integrate compliance concepts and requirements into core business operations like never before. The "compliance by design" revolution has resulted in the growth of data analytics tools, key performance indicators and dashboards to help compliance teams monitor day-to-day business activities for risk and identify potential issues before they arise. These innovations have also resulted in significant cost savings for companies and more precision in targeting risk-based anti-corruption activities. 

In a nod to the increasingly clear value of data analytics, in 2020 the US Department of Justice‘s Criminal Division updated its "Evaluation of Corporate Compliance Programs" to direct prosecutors to consider how companies collect and analyze data as part of their compliance programs. The US Department of Justice‘s Criminal Division encouraged prosecutors to assess how compliance teams use data analysis techniques to review business data and identify potential compliance concerns. One can expect an increased focus by enforcement authorities on whether and to what extent corporate counsel and compliance professionals are engaged with and deriving data from real-time business operations.

Our survey asked companies to describe the current state of their data analytics programs, and where they are headed.

How developed is your organization‘s use of data analytics for compliance risks? (PNG) View full image: How developed is your organization’s use of data analytics for compliance risks? (PDF)

Data maturity ranking by company size (revenues (US$)) (PNG) View full image: Data maturity ranking by company size (revenues (US$)) (PDF)

Approximately one in five companies do not currently use data analytics for compliance and ethics 

Few companies (9%) viewed themselves as being advanced in using data analytics for their compliance programs. Most companies (69%) reported having a rudimentary or developing data analytics strategy.
By comparison, approximately one-fifth (21%) of respondents do not currently use data analytics for their compliance programs. 

Adoption of data analytics was lowest among smaller companies, with approximately 30% of companies earning less than US$10 billion in revenues annually not using data analytics for compliance, compared to less than 5% of companies earning more than US$10 billion per year.

How does your organization currently use data analytics in its compliance program? (PNG) View full image: How does your organization currently use data analytics in its compliance program? (PDF)

Among companies using data analytics, there is growing convergence in how they deploy data analytics in compliance programs

Overall, our survey shows that most companies are using data analytics to support core compliance program activities. Over half of respondents reported using data analytics to enhance risk assessments (58%); develop reports, visualizations and/or dashboards (58%); and manage training and certification requirements (55%). 

Notably, the 9% of companies that self-identified as having "advanced" data analytics programs were more likely to use data analytics in areas that relate to management of real-time business risk. For instance, these respondents were almost twice as likely to report using data analytics to perform risk-based transaction monitoring and testing (89%) than the average (47%). They also were more likely to use data analytics to identify third parties for heightened screening and diligence (72%) than the average (48%); and to track and manage compliance requests and approvals (72%) than the average (39%).

White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.

This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.

© 2023 White & Case LLP

Service areas

Top